@@ -0,0 +1,91 @@
+# Computer Security - lesson 1
+#### Stefano Zanero
+###### 10 March 2016
+## What is security?
+Security is usually associated with closeness, locks, contention
+We usually associate it with the image of a bank vault, or a lock.
+
+### CIA paradigm
+- __Confidentiality__
+- __Integrity__
+- __Availability__
+
+For example in a bank withdrawal, the withdraw must always be zero sum (__integrity__),
+and must occur only when you're at the bank and on your request.
+
+__Availability__ goes in the opposite direction of the previous two concepts,
+because it means diffusing the information instead of restricting it.
+These conflicting requirements consists in an engineering problem,
+because we need to find a tradeoff, otherwise the problem would have been simple,
+just requiring to add more locks.
+
+### Vault image example
+By the keypad we can tell that some of the worn out keys are 1 and 9,
+so the 4-digit code is probably a year.
+The key concept is that a system may appear secure but there may be
+something that let us bypass it easily.
+
+### Vulnerability and exploit
+In the case of the lock the vulnerability is the attrition and the fact
+that the mechanical object is not perfect.
+But the exploit is the way of picking it wit pick and tension wrench
+
+The __vulnerability__ is the problem of a system
+The __exploit__ is a way of using the vulnerability to break the system.
+
+We can know the exploit without knowing the vulnerability
+
+To fix the lock vulnerability we can:
+- Make the exploit harder by putting a pin in the short side making it difficult to pick
+- We can grease the lock by making it closer to the design
+- We can redesign the lock in a way that the vulnerability goes away
+
+### Simple software bug
+The short type has less bytes that the int, so we can assign to int 65536 to short
+it is truncated and becomes 0
+TODO: think of a different exploit for the same vulnerability
+
+### Security and Protection
+__Security__ is a different thing from __protection level__
+For example a soldier in an ATV vehicle is less secure than a civil in a peaceful country
+In fact security depends on the environments, and on the level of threats.
+The __threat level__ is not always easy to assess, for example the colorado mountain seems safe
+but during the cuban missile crisis it was the most threatened place outside and probably
+safest inside (in the NORAD bunker base).
+
+### Assets and Threats
+__Assets__ are generally composed of
+- hardware
+- software
+- data
+- __reputation__ is also an important asset
+
+A __threat agent__ is not always intentional, but during this course
+ we focus on *intentional* threats.
+
+### Attackers and Attacckers
+They are not the same thing.
+The term __hacker__ (in italian *smanettone*, that comes from the italian *manetta* for joystick)
+Whenever we hear a sentence with the word hacker, we can substitute tu *smanettone* and
+check if it still makes sense, otherwise the word hacker has been used incorrectly.
+For example *locksmiths* are able to open locks but they are not thiefs.
+
+Malicious hackers can be attackers, but Attackers are not necessarily hackers.
+Another terminology: __Black hats__ = malicious hackers
+
+The term comes from old western movies in which to distinguish between the good guys and the foes
+the sheriffs were wearing light colored hats while the bandits wore black hats.
+
+### Security as an Engineering Problem
+Some vulnerabilities can not be fixed, and there is no __invulnerable systems__ or
+__secure systems__.
+`There is no spoon. (Neo)`
+We cannot design __secure systems__, but we can design systems that are safe enough.
+We define __risk__ as the combination of:
+- Assets
+- Vulnerability
+- Threats: independent (cannot be changed)
+For example when McDonalds launched in Italy (1996) it used as a marketing strategy the fact of being American.
+But over time they changed their image moving from the USA image to a more local image,
+and this operation changed their threat level because before there were more people pissed off by America
+ that burned flags, threw rocks at the USA embassy and burned down McDonalds.
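Review bot: The "Simple software bug" section does not state the bug in a form a reader can follow: "so we can assign to int 65536 to short" has no clear subject, there is no snippet next to it, and "TODO: think of a different exploit for the same vulnerability" is committed into the lesson text. Suggest rewording to say that assigning the int value 65536 to a short truncates it to 0, and either resolving the TODO or moving it out of the notes. The heading "### Attackers and Attacckers" has a typo and, since the body contrasts attackers with hackers, probably should read "Attackers and Hackers"; the sentence starting "The term __hacker__ (in italian *smanettone*, ..." never reaches a verb, so the definition is missing. Under "Security as an Engineering Problem", "Threats: independent (cannot be changed)" conflicts with the McDonalds example right after it, which says the rebranding "changed their threat level"; one of the two needs qualifying. In the CIA example only integrity is labelled, so it is unclear which property "only when you're at the bank and on your request" is meant to illustrate. Smaller fixes: "wit pick", "substitute tu", "thiefs", "These conflicting requirements consists in".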